package com.sys.console.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/**
 * 防止XSS恶意参数
 * @project  name  : basic_core
 * @author   name  : wangchao   
 * @create   time  : 2016-4-5 上午10:20:34  
 * @class    name  : cn.com.basic.framework.web.filter.XssFilter  
 * @modify   list  : (modify by :modify date:modify content)       
 *
 */
public class XssFilter implements Filter {

    /**
     * Default constructor. 
     */
    public XssFilter() {
    	
    }

	/**
	 * @see Filter#destroy()
	 */
	public void destroy() {
		
	}

	/**
	 * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
	 * 使用xssRequestWrapper对request进行包装，覆盖一些方法，处理xss过滤
	 */
	public void doFilter(ServletRequest servletRequest, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		HttpServletRequest request = (HttpServletRequest) servletRequest;
		HttpServletResponse hresponse = (HttpServletResponse) response;
		hresponse.setHeader("Set-Cookie", "name=value; HttpOnly");
/*		String servletPath = request.getServletPath();  

		Enumeration enu=request.getParameterNames();
		 while(enu.hasMoreElements()){
			 String name=(String)enu.nextElement();
			 System.out.println("参数名称："+name);
			 System.out.println("参数值："+request.getParameter(name));
		 }*/
		XssHttpServletRequestWrapper xssRequest = new XssHttpServletRequestWrapper(
				(HttpServletRequest) request);
		chain.doFilter(xssRequest, response);
	}

	/**
	 * @see Filter#init(FilterConfig)
	 */
	public void init(FilterConfig fConfig) throws ServletException {
		// TODO Auto-generated method stub
	}

}
